XSS Vulnerability in wp-ultimate-csv-importer Plugin for WordPress
CVE-2015-9306

6.1MEDIUM

Key Information:

Vendor
Wordpress
Status
Import All Pages\, Post Types\, Products\, Orders\, And Users As Xml \& Csv
Vendor
CVE Published:
12 August 2019

Summary

The wp-ultimate-csv-importer plugin for WordPress versions prior to 3.8.1 exposes users to Cross-Site Scripting (XSS) vulnerabilities, allowing attackers to inject malicious scripts. This may lead to unauthorized actions and data exposure within user sessions. It is recommended that users update to the latest version to mitigate potential security risks.

References

https://wordpress.org/plugins/wp-ultimate-csv-importer/#d...
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.